When I look through the logs of my secured wifi, I see plenty of failed logins, often from the same MAC address. I reckon that some of my neighbors try to use my wifi.

I am too curious about what they want to use it for, thus I wondered whether and how I could set up a trap: set up an open wifi - but with no connection to the internet - and somehow see what they wanted to do.

Could you do something like that? If yes, what would be the hardware and software requirements? I have a spare TP-Link TL-WR841ND Wireless-LAN Router and am using Windows 8 and Ubuntu.


1

Howdy! IMO your question is much too vague as-is. Yes, you could set something up; traditionally they're referred to as a Honeypot. Additionally, just asking for a list of tools to use to set one up is often considered "not constructive". What have you tried already, where are you getting stuck?
– Ƭᴇcʜιᴇ007, Feb 9 '13 at 14:57

1

Not an answer to your question, but for inspiration google on 'upside down ternet'
– Hennes, Feb 9 '13 at 15:00

1 Answer
1

First of all, consider A) any legal implications, B) the risk involved if they do something illegal on your connection, and C) if you aren't seeing numerous repeated back-to-back failed logins in a short amount of time, it may not be malicious activity. It could be, for example, someone who really doesn't grasp how to tell their system to connect to their own WiFi properly, or maybe they accidentally set your SSID as a known network on a phone and they don't know how to delete it.

So of course you can set your wireless router as totally open, or set your WPA2 password to something common, and wait for them to sign on.

To see what others are doing, you need to put the incoming traffic from the WiFi access point through something that can run software to capture and report on what is coming through. Wireshark and the Linux command line version tshark can give you a live view of what is going on or literally capture all traffic coming through for later analysis. The program squid, if set up properly on Linux with an appropriate transparent-proxying iptables configuration, can log each HTTP/HTTPS request.

You may be able to do most of this on the wireless router if it has enough RAM and can be flashed to DD-WRT or OpenWrt. If not, basically you want to disable all routing and DHCP functions on the wireless access point, set up a separate router and DHCP elsewhere, and have another box with two NICs that's "in front" of the wireless access point that can run the above software. I think pretty much you'd want to bridge these two NICs with brctl or set up simple forwarding with iptables.
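
An added example, not part of the original answer: once squid is logging requests from the isolated wireless segment as described above, a short script can summarize per client which hosts were requested. It assumes squid's default native access.log format; the sample lines, addresses and host names are constructed.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1360422000.101    120 192.168.50.23 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1360422003.554     80 192.168.50.23 TCP_MISS/200 900 GET http://example.com/style.css - HIER_DIRECT/93.184.216.34 text/css
1360422010.002    300 192.168.50.23 TCP_TUNNEL/200 4300 CONNECT mail.example.org:443 - HIER_DIRECT/203.0.113.10 -
1360422055.700     15 192.168.50.41 TCP_DENIED/403 350 GET http://updates.example.net/check - HIER_NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one access.log line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None
    try:
        ts, size = float(fields[0]), int(fields[4])
    except ValueError:
        return None
    result, _, status = fields[3].partition("/")
    method, url = fields[5], fields[6]
    # CONNECT entries carry only host:port; other methods carry a full URL.
    if method == "CONNECT":
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname or url
    return {"time": ts, "client": fields[2], "result": result,
            "status": status, "bytes": size, "method": method, "host": host}

def summarize(log_text):
    """Per client: request count, bytes, and how often each host was requested."""
    report = defaultdict(lambda: {"requests": 0, "bytes": 0, "hosts": Counter()})
    skipped = 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            skipped += 1  # count malformed lines instead of failing on them
            continue
        client = report[entry["client"]]
        client["requests"] += 1
        client["bytes"] += entry["bytes"]
        client["hosts"][entry["host"]] += 1
    return dict(report), skipped

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The client field is an IP address; matching it to the MAC address seen in the router's failed-login log requires the DHCP lease table of whichever box hands out addresses.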